WhisperX tag archive

#symlink attack

This page collects WhisperX intelligence signals tagged #symlink attack. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (3)

The Lab · 2026-04-09 10:27:28 · GitHub Issues

1. Kyverno Security Flaw CVE-2026-32282: Linux Symlink Race Condition Bypasses Root Directory Restriction

A critical vulnerability in Kyverno, tracked as CVE-2026-32282, exposes a race condition that can allow a malicious symlink to bypass the tool's root directory security boundary. The flaw resides in the `Root.Chmod` function, which is designed to prevent operations on files outside a specified root directory. However, ...

The Lab · 2026-04-21 20:22:55 · GitHub Issues

2. Python-dotenv v1.2.1 Security Flaw: CVE-2026-28684 Allows Local Attackers to Overwrite Arbitrary Files

A critical security vulnerability in the widely used python-dotenv library exposes systems to local file overwrite attacks. The flaw, tracked as CVE-2026-28684 (GHSA-mf9w-mj56-hr94), resides in the `set_key()` and `unset_key()` functions. These functions follow symbolic links when rewriting `.env` files, creating a pat...

The Lab · 2026-05-02 19:54:06 · GitHub Issues

3. GitHub Action Vulnerability Allows Sensitive File Exfiltration via Symlink in Pull Request Workflows

A security vulnerability in a code review GitHub Action's `prepare` workflow allows malicious pull requests to read and exfiltrate sensitive system files from the runner environment. The flaw, located in the `src/prepare/main.ts` module, stems from the action accepting a `review-reference-file` input and reading the sp...